What is claimed is: 

1 . A key exchange proxy network system performing, 
as proxy, a key exchange processing to be performed between 
a first terminal unit and a second terminal unit for 
5 encryption communication therebetween, said key exchange 
proxy network system comprising! 

a first service control unit accessed by the first 
terminal unit, and a first key exchange proxy unit 
performing the key exchange processing as proxy for the 

10 first terminal unit; 

wherein the first service control unit comprises: 

a first message reception section receiving a message 
from the first terminal unit, or the second terminal unit, 
or the first key exchange proxy unit; 

a first protocol control section which retains a first 
data for deciding whether the message received by the first 
message reception section is a key exchange message or a 
message including a key, decides whether the reception 
message is the key exchangemessage or the message includrng 
20 the key based on said first data, determines- the first key 
exchange proxy unit as transfer destination when the 
reception message is the key exchangemessage received from 
either the first terminal unit or the second terminal unit, 
determines the second terminal unit as transfer destination 
25 when the reception message is the key exchange message 
received from the first key exchange proxy unit, and 
determines the first terminal unit as transfer destination 
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when the reception message is the message including the 
key; and 

a first message transmission section transmitting the 
message received by the first message reception section 
5 to the transfer destination determined by the first 
protocol control section, 

and the first key exchange proxy unit comprises . 

a second message reception section receiving the 
message from the first service control unit, 

a second protocol control section which exchanges the 
k ey exchange message with the second terminal unit, and 
determines the Key, when the message received by the second 
message reception section is the Key exchange message; and 
a second message transmission section transmitting 
1, the Key determined by the second protocol control section 
to the first service control unit as message including the 
key • 

2 . The key exchange proxy network system according 

20 to claim 1 , 

wherein, triggered by reception of the Key exchange 
message from the first terminal unit, the second protocol 
control section determines the Key with the second terminal 
unit . 

25 

3 . The key exchange proxy network system according 
to claim 1, 
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wh erei„, triggered by reception of the Key exchange 
me ssage from the second terminal unit , t h e second protoco 
control section determines t h e Key with the second terminal 



unit . 



4. T he Key exchange proxy networK system according 
„ any one or claim 1, further comprising: 

. second service control unit accessed hy the second 
t erminal unit, and a second Key exchange proxy unit 

f rmlM the k ey exchange processing as proxy for 
10 performing tne 

second terminal unit, 

herein the second service control unit comprises: 

a thi rd message reception section receiving a message 
f r om the first terminal unit, or the second terminal unit, 
15 or the second Key exchange proxy unit; 

a th ird protocol control section which retains a second 
da ta for deciding whether the message received b y the third 
message reception section is a Key exchange message or a 
m essage including a Key, decides whether the reception 
• s the Key exchange message or the message including 
20 message is the Key ex determin es the second 

the Key based on the second data, determi 

•4. transfer destination when the 
key exchange proxy unit as transfer 

. athp kev exchange message received from 
reception message is the Key excn y 

„nit or the second terminal unit, 
either the first terminal unit or 

• * transfer destination 
f ir«!t terminal unit as transiei u 
25 determines the first renux 

wh e„ the reception message is the Key exchange message 
re ceived from the second Key exchange proxy unit, and 
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determines the second terminal unit as transfer destination 
when the reception message is the message including the 
key; and 

a third message transmission section transmitting the 
5 message received by the third message reception section 
to the transfer destination determined by the third 
protocol control section, 

and the second key exchange proxy unit comprises: 

a fourth message reception section receiving the 
10 message from the second service control unit; 

a fourth protocol control section which exchanges the 
Key exchangemessage with the first key exchange proxy unit, 
and determines the key. when the message received by the 
tourth message reception section is the key exchange 

15 message; and 

a fourth message transmission section transmitting 
the key determined by the fourth protocol control section 
to the second service control unit as message including 

the key. 

20 ' ' ' ' 

5 . The key exchange proxy network system according 

to any one of claim 2. further comprising-. 

a second service control unit accessed by the second 
terminal unit, and a second key exchange proxy unit 
25 performing the key exchange processing as proxy for the 
second terminal unit, 

wherein the second service control unit comprises . 
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a third message reception section receiving a message 
f rom the first terminal unit, or the second terminal unrt, 
or the second key exchange proxy unit; 

a third protocol control section which retains a second 

„^~o rpreived by the third 
5 data for deciding whether the message recede 

Hon section is a key exchange message or a 
message reception section 

nes sage including a key. decides whether the receptron 
message is the key exchange message or the message include 

3 riPtermines the second 

the key based on the second data, determrn 

10 Key exchange proxy unit as transfer destination when the 
reception message is the key exchan 9 e message received 
either the first terminal unit or the second terminal unit, 
aetermines the first terminal unit as transfer destination 
w nen the reception message is the key exchange message 
15 received from the second key exchan 9 e proxy unit, and 
aetermines the second terminal unit as transfer destination 
w hen the reception message is the message inc!udin 9 the 
key; and 

a third message transmission section transmits, 
„ message received hy the third message reception section 
to the transfer destination determined by the thrrd 
protocol control section, 

and the second key exchange proxy unit comprises, 

a fourth messa 9 e reception section receiving the 
2 5 message from the second service control unit; 

a fourth protocol control section which exchanges the 
Key exchange message with the first key exchange proxy unit , 
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and determines the key, when the message received by the 
fourth message reception section is the key exchange 
message; and 

a fourth message transmission section transmitting 
5 the key determined by the fourth protocol control section 
to the second service control unit as message including 
the key. 



6. The key exchange proxy network system according 
10 to any one of claim 3, further comprising: 

a second service control unit accessed by the second 
terminal unit, and a second key exchange proxy unit 
performing the key exchange processing as proxy for the 
second terminal unit, 
15 wherein the second service control unit comprises: 

a third message reception section receiving a message 
from the first terminal unit, or the second terminal unit, 
or the second key exchange proxy unit; 

a third protocol control section which retains a second 
20 data for deciding whether the message received by the third 
message reception section is a key exchange message or a 
message including a key, decides whether the reception 
message is the key exchange message or the message including 
the key based on the second data, determines the second 
25 key exchange proxy unit as transfer destination when the 
reception message is the key exchange message received from 
either the first terminal unit or the second terminal unit, 



48 



determines the first terminal unit as transfer destination 
when the reception message is the key exchange message 
received from the second key exchange proxy unit, and 
determines the second terminal unit as transfer destination 
5 when the reception message is the message including the 
key; and 

a third message transmission section transmitting the 
message received by the third message reception section 
to the transfer destination determined by the third 
10 protocol control section, 

and the second key exchange proxy unit comprises: 

a fourth message reception section receiving the 
message from the second service control unit; 

a fourth protocol control section which exchanges the 
15 key exchange message with the f irst key exchange proxy unit , 
and determines the key, when the message received by the 
fourth message reception section is the key exchange 
message; and 

a fourth message transmission section transmitting 
20 the key determined by the fourth protocol control section 
to the second service control unit as message including 
the key. 

7. The key exchange proxy network system according 

25 to claim 4, 

wherein the first service control unit and the second 
service control unit are comprised of an identical unit. 
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w nmw network system according 

8. The key exchange proxy netwoi* y 

to claim 5, 

wherein the first service control unit and the second 
ervi ce control unit are comprised of an identical unit. 
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9. The key exchange proxy network system according 
to claim 6, 

wherein the first service control unit and the second 
10 service control unit are comprised of an identical unit. 



10. The key 



exchange proxy network system according 



to claim 4, 

wherein the first key exchange proxy unit and the second 
« Key exchange proxy unit are comprised of an identical unit. 

11. The key exchange proxy network system according 
to claim 5, 

wherein the first key exchange proxy unit and the second 
key exchange proxy unit are comprised of an identical unit. 
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12 . The key exc 



hange proxy network system according 
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to claim 6, 

wherein the first key exchange proxy unit and the second 
key exchange proxy unit are comprised of an identical unit. 

13. The key exchange proxy network system according 
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to claim 7, 

wherein the first key exchange proxy unit and the second 
key exchange proxy unit are comprised of an identical unit. 

5 14. The key exchange proxy network system according 

to claim 8, 

wherein the first key exchange proxy unit and the second 
key exchange proxy unit are comprised of an identical unit. 
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15. The key exchange proxy network system according 
to claim 9, 

wherein the first key exchange proxy unit and the second 
key exchange proxy unit are comprised of an identical unit. 



i5 16 m A service control unit accessed by a terminal unit, 

transferring a message from any one of said terminal unit, 
and a key exchange proxy unit performing a key exchange 
processing as proxy for said terminal unit, and an opposite 
terminal unit for encryption communication with said 
20 terminal unit, said service control unit comprising: 

a message reception section receiving a message from 
the terminal unit, or the key exchange proxy unit, or the 
opposite terminal unit; 

a protocol control section which retains a data for 
25 deciding whether the message received by the message 
reception section is a key exchange message or a message 
including a key, decides whether the reception message is 



51 



the key exchange message or the message including the key 
based on said data, determines the key exchange proxy unit 
as transfer destination when the reception message is the 
key exchange message received from either the terminal unit 
or the opposite terminal unit, determines the opposite 
terminal unit as transfer destination when the reception 
message is the key exchange message received from the key 
exchange proxy unit, and determines the terminal unit as 
transfer destination when the reception message is the 
message including the key; and 

a message transmission section transmitting the 
reception message to the transfer address determined by 
the protocol control section. 

17. The service control unit according to claim 16, 
wherein the data is a service profile provided on a 
per terminal unit basis, including an address and a port 
number designating an application, and 

the protocol control section compares either a 
destination address or a source address included in the 
message received by the message reception section with the 
address included in the service profile, and compares the 
port number included in the reception message with the port 
number included in the service profile, and thereby 
determines whether the reception message is the key 
exchange message or the message including the key. 



52 



18 . A key exchange proxy unit performing a key exchange 
processing with an opposite terminal unit as proxy for a 
terminal unit to perform encryption communication to the 
opposite terminal unit, said key exchange proxy unit 

5 comprising: 

a message reception section receiving the message from 
service control unit which is accessed by the terminal unit , 
and transfers a message received from either the terminal 
unit or the opposite terminal unit; 
10 a protocol control section which exchanges a key 

exchange messages with the opposite terminal unit, and 
determines the key , when the message received by the message 
reception section is the key exchange message; and 

a message transmission section which transmits the 
15 key determined by the protocol control section to the 
service control unit as the message including the key. 

19. The key exchange proxy unit according to claim 
18, further comprising: 

. 20 a key generation section generating the key. 

20. The key exchange proxy unit according to claim 

18, 

wherein, triggered by reception of the key exchange 
25 message from the terminal unit, the protocol control 
section determines the key with the opposite terminal unit . 
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21. The key exchange proxy unit according to claim 

wherein, triggered by reception of the key exchange 
message from the terminal unit, the protocol control 
5 section determines the key with the opposite terminal unit . 

22. The key exchange proxy unit according to claim 

18, 

wherein, triggered by reception of the key exchange 
10 message from the opposite terminal unit, the protocol 
control section determines the key with the opposite 
terminal unit. 

23. The key exchange proxy unit according to claim 

15 19, 

wherein, triggered by reception of the key exchange 
message from the opposite terminal unit, the protocol 
control section determines the key with the opposite 
terminal unit. 
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24. A terminal unit accessing a service control unit 
in a communication network and performing encryption 
communication with an opposite terminal unit , said terminal 

unit comprising: 

an encryption process management section which retains 
a first data specifying a communication condition requiring 
encryption and a second data including a key for use in 



54 



the encryption, decides whether encryption is required for 
the communication with the opposite terminal unit based 
on the first data, and decides whether the key required 
for the encryption is existent in the second data; 

5 a message transmission section which transmits a key 

exchange message to the opposite terminal unit through the 
service control unit, when the encryption process 
management section decides that the encryption is required 
and that the key required for the encryption is not existent ; 

10 and 

a message reception section which receives the message 
including the key determined between a key exchange proxy 
unit in the communication network and the opposite terminal 
unit from the service control unit. 

15 

25. The terminal unit according to claim 24, 
wherein the first data includes an address of the 
opposite terminal unit for which encryption communication 
is required, and a port number designating an application, 
20 and 

the encryption process management section compares 
a destination address of the message to be transmitted to 
the opposite terminal unit with the address in the first 
data, compares the port number included in the transmission 
25 message with the port number included in the first data, 
and thereby decides whether the encryption is required in 
the communication with the opposite terminal unit. 
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26. The terminal unit according to claim 24, 
wherein the second data includes an address, a port 
number, an encryption protocol and a key for use in the 
5 encryption, and 

the encryption process management section compares 
the address in the first data with the address in the second 
data, compares the port number in the first data with the 
port number in the second data, and thereby decides whether 
10 the key required for the encryption is existent in the second 
data. 



27. The terminal unit according to claim 25, 
wherein the second data includes an address, a port 
15 number, an encryption protocol and a key for use in the 
encryption, and 

the encryption process management section compares 
the address in the first data with the address in the second 
data, compares the port number in the first data with the 
20 port number in the second data, and thereby decides whether 
the key required for the encryption is existent in the second 
data . 



28. A key exchange proxy method for a key exchange 
25 proxy network system having a key exchange proxy unit 
performing a key exchange processing between a first 
terminal unit and a second terminal unit as proxy for the 
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first terminal unit for encryption communication between 
the terminal units , said key exchange proxy method 
comprising : 

in the service control unit, transferring a key 
5 exchange message received from either the first terminal 
unit or the second terminal unit to the key exchange proxy 
unit ; 

in the key exchange proxy unit, generating the key. 
exchange message to be exchanged between the first terminal 
10 unit and the second terminal unit, and transmitting the 
generated key exchange message to the service control unit; 

in the service control unit, transferring the key 
exchange message to the second terminal unit; 

in the key exchange proxy unit, transmitting to the 
15 service control unit a message including the key determined 
by exchanging the key exchange messages; and 

in the service control unit, transferring to the first 
terminal unit the message including the key received from 
the key exchange proxy unit. 

20 

29. A key exchange proxy network system performing, 
as proxy, a key exchange processing to be performed between 
a first terminal unit and a second terminal unit for 
encryption communication therebetween, said key exchange 
25 proxy network system comprising: 

a service control unit accessed by the first terminal 
unit; and 



a key exchange proxy unit performing the key exchange 
processing as proxy for the first terminal unit, 
wherein the service control unit transfers either a key 
exchange proxy request message received from the first 
terminal unit, or a key exchange message received from the 
second terminal unit, to the key exchange proxy unit based 
on a service profile provided for deciding a transfer 
destination of a reception message, transfers the key 
exchange message received from the key exchange proxy unit 
to the second terminal unit, and transfers a message 
including the key received from the key exchange proxy unit 
to the first terminal unit, and 

the key exchange proxy unit exchanges the key exchange 
message between the key exchange proxy unit and the second 
terminal unit through the service control unit, and thereby 
determines the key, and transmits the message including 
the determined key to the first terminal unit through the 
service control unit. 
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